A question concerning the following SSSD directives:

ldap_user_ssh_public_key =
ldap_host_ssh_public_key =

Both default to "sshPublicKey" values, but other than the obvious stated use cases (in the directive names and man file entries) I feel I'm missing something concerning the " ldap_host_ssh_public_key" directive.

For example, using the default configuration, the SSSD pulls down the public key(s) stored for a user stored in the " sshPublicKey" attribute using the "/usr/bin/sss_ssh_authorizedkeys" utility. to facilitate access to a predetermined set of hosts.

What is the use case for the " ldap_host_ssh_public_key" directive? Is it somehow used to store the public Key for a particular host (and why?) and does it have any relationship to the "/usr/bin/sss_ssh_knownhostsproxy" utility used to centralise (and distribute?) host keys?


Any info would be most useful and as always, thank you!


-- lawrence

--
Lawrence Kearney